Re: Expanding upon the obvious
From: Joshua Wright <jwright () hasborg com>
Date: Wed, 12 Dec 2012 09:02:36 -0500

On Dec 11, 2012, at 12:49 PM, Patrick Laverty <patrick_laverty () brown edu> wrote:
> I think Stop & Shop grocery stores are doing something tangential to this. If you use their in-store price scanner,
> it will beep at you on occasion, telling you about deals on an item that just happens to be in the aisle you're
> standing in! So while they might not know who *I* am (or they might), they sure know where I am in the store.

There is a big market for product manufacturers to collect information about shopper habits in retail establishments.
In supermarkets where margins are thin, there is a clear revenue opportunity to sell information about what aisles
shoppers walk down, how long they stop at any given spot (identifying the prime marketing points in the store), what
they choose for a product at a given spot in the store among other competitors, etc.

Stores like Stop & Shop (and others) have developed systems to ease the checkout process while shopping, and are leveraging
those devices with proprietary or standards-based location tracking systems. The IEEE 802.11 systems for location
tracking are common, but ZigBee and IEEE 802.15.4 are seeing more active use since the chips are cheaper and simpler,
and the perceived security is "better" (do these quotes make me look snarky?). Other stores are using Bluetooth, or
proprietary protocols such as Z-Wave.

As a pen-tester, this is good for me, since there are lots of opportunities for manipulating these systems using
readily-available or custom tools. Typically we don't see these systems as unauthorized internal network access
threats, but it's common to identify weaknesses that threaten the reliability and fidelity of the system, which calls
the value of the deployment into question.

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com